From owner-freebsd-security Tue Jul 17 10: 0: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from D00015.dialonly.kemerovo.su (D00015.dialonly.kemerovo.su [213.184.66.105]) by hub.freebsd.org (Postfix) with ESMTP id BC3D137B409 for ; Tue, 17 Jul 2001 09:59:54 -0700 (PDT) (envelope-from eugen@D00015.dialonly.kemerovo.su) Received: (from eugen@localhost) by D00015.dialonly.kemerovo.su (8.11.4/8.11.4) id f6HGsLE01666; Wed, 18 Jul 2001 00:54:21 +0800 (KRAST) (envelope-from eugen) Date: Wed, 18 Jul 2001 00:54:21 +0800 From: Eugene Grosbein To: "Jason L. Schwab" Cc: freebsd-security@FreeBSD.ORG Subject: Re: login failure question Message-ID: <20010718005421.A1615@grosbein.pp.ru> References: <20010717094033.F3123-100000@mirage.jlschwab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010717094033.F3123-100000@mirage.jlschwab.com>; from jlschwab@jlschwab.com on Tue, Jul 17, 2001 at 09:43:23AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 17, 2001 at 09:43:23AM -0600, Jason L. Schwab wrote: > What I am wondering is, is there a way, for like after 10 invalid > logins from the same host/ip (mask?) can I have login run a ipfw > command and block them for like 24 hours or something? I can do > the 24 thing, I just need to know how to have login run whatever > script I want it to call. You can use syslogd to implement this. man syslog.conf explains how to run your application for an event. This application should keep statictics and run ipfw command when needed. Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message